Thirty years ago this month, Microsoft released Windows 3.0, a graphical environment that represented a dramatic leap over its predecessors in terms of capability and popularity. Heres what made Windows 3.0 special.

In the early days on IBM PC compatible machines, most PCs ran Microsoft MS-DOS, a command-line based operating system that typically could only run one program at a time. As computers grew in power in the early 1980s, multitasking became a huge buzzword in the industry. Magazine editorials spoke of the productivity increases that would come from being able to run two applications at the same time.

Around that time, ideas about graphical and mouse-based computer interfaces that had been pioneered on the Xerox Alto had begun to filter down into the personal computer industry. After witnessing several early GUI-based operating system approaches, Microsoft released its own graphical mouse-based interface, Windows 1.0, in 1985. It ran on top of MS-DOS and provided a bitmapped display with non-overlapping application windows.

Neither Windows 1.0 nor Windows 2.0 proved successful in the market. Then came Windows 3.0 in 1990, another GUI shell that ran on top of MS-DOS. It allowed multitasking of both MS-DOS programs and specially written Windows applications. Unlike previous versions of Windows, it proved to be a hit, selling over 10 million copies. Third-party application support followed, and Microsoft cemented its PC market operating system dominance.

Here are some of the elements that came together to make both Windows 3.0 unique and successful.

RELATED: PCs Before Windows: What Using MS-DOS Was Actually Like

In todays Windows, the Start Menu provides a quick and easy way to organize and launch installed applications. In Windows 3.0 that job was held by Program Manager, which was also the main interface (shell) for Windows.

As a shell, Windows 2.0 had used MS-DOS Executive, which was basically a glorified list of files with no support for application icons. Compared to that, the large 16-color icons in Windows 3.0 felt like a revelation, bringing icon detail matching expensive color Macintosh computers to relatively inexpensive PCs.

Also, Program Manager was easy to use. Compared to MS-DOS by itself, or Windows 2.0s MS-DOS Executive shell, Program Manager provided a very non-intimidating interface. Users could easily find and launch applications while being mostly shielded from accidentally messing up its file-based underpinnings.

If you did want to manage files in Windows 3.0, you needed to launch a separate application called File Manager. Today, File Explorer serves as both the main interface and the file manager of Windows 10.

By now, Solitaire is so heavily associated with Windows that its hard to picture the two apart. The famous partnership first came together in 1990 when Microsoft shipped its first-ever version of Solitaire with Windows 3.0. With its detailed cards (and amusing card backs), Solitaire proved an able example of Windows graphical capabilities. And of course, it was also a great way to kill time between tasks in the office.

Solitaire featured card faces designed by Susan Kare, who had previously designed many graphical elements and fonts for the Macintosh. She also designed many icons for Windows 3.0. Microsoft used Kares card graphics all the way up to Windows XP, finally replacing them in Vista.

Windows 3.0 also included the game Reversi with every copy. While Microsoft dropped Reversi in Windows 3.1 (in favor of Minesweeper), Solitaire shipped with Windows all the way up to Windows 7. (Now its a weird pay-to-play parody of itself, but thats another topic entirely.)

Windows 3.0 included advanced memory management that let it use large amounts of RAM, allowing both larger programs and true cooperative multitasking for the first time. When it came to multitasking MS-DOS programs (which many people still used frequently), Windows 1.0 and 2.0 served basically graphical application launchers. In Windows 3.0, users could run multiple MS-DOS applications simultaneously, which felt like magic at the time.

What kind of MS-DOS applications were people running in 1990? Thanks to backward compatibility, anything and everything, from Lotus 1-2-3 to Captain Comic. Windows proved a boon to multi-node BBSes at the time as well, allowing multiple instances of DOS-based BBS software to run easily on one machine.

It seems amazing today, but Windows 3.0s buttons represented serious eye candy for a PC graphical interface at the time. They included simulated highlights and shadows that gave the illusion of depth, and as a result, most people referred to the buttons as being 3D.

Overall, the cleanly-executed Windows 3.0 interface felt crisp and professional, with detailed icons, well-thought-out window arrangements, and nice fonts. For the first time, Windows matched (and arguably surpassed) the visual fidelity of Mac OS, which most considered the benchmark GUI of the time. That visual flair helped make Windows 3.0 so massively popular.

Windows 3.0 represented a turning point in the evolution of PC compatibles when machines capable of a good graphical interface (and all of the peripherals involved) had become low cost enough for mainstream users. In 1990, you could buy a low-end PC capable of running Windows 3.0 for under $1000, while the cheapest color Macintosh was about $2400 at the time. With a PC, a mouse, and a $149 copy of Windows, you could build an almost Mac-like machine on the cheap.

When more people buy a platform, more companies want to develop for it, and thats exactly what happened to Windows 3.0. While third-party support had been few and far between in the Windows 1.0 and 2.0 eras, many software vendors hopped aboard to support Windows 3.0, including Aldus with its popular desktop publishing software Aldus PageMaker. For office productivity, Microsoft itself released excellent versions of PowerPoint, Word, and Excel for Windows 3.0, among others. You could get real work done in Windows 3.0.

As we close our look back at Windows 3.0, who can forget the glorious 16-color high-resolution (640480!) wallpaper Microsoft included with every copy?

In an era where VGA cards were finally going mainstream, many users began running the environment in higher resolutions such as 640480. Suitably, Microsoft included CHESS.BMP, a graphical showcase that depicts a handful of chess pieces flying through the air over a seemingly endless checkerboard plane. Windows users didnt get built-in screensaver support until Windows 3.1 in 1992, so we took what small pleasures we could get. CHESS.BMP fit the bill perfectly.

Happy birthday, Windows 3.0!

For a blast from the past, well show you how to install Windows 3.1 in DOSBox and run it on a modern PC. Windows 3.1 was released a few years after Windows 3.0 and featured a similar interface.

RELATED: How to Install Windows 3.1 in DOSBox, Set Up Drivers, and Play 16-bit Games

Read more:
Windows 3.0 Is 30 Years Old: Heres What Made It Special - How-To Geek

(CNN) Being unable to affordair conditioningor wanting to save more by using it less is a normal circumstance for some of us.

Usually, in addition to using a few life hacks to stay cool, we would go see amovie, take a dip in the pool or visit an air-conditioned public facility to find some relief from hot summer temperatures.

But thepandemichas rendered those remedies inaccessible in many places. Many areclosed for safety precautions, so when the heat becomes unbearable, it could feel like theres no place left to go.

However, there are ways to feel comfortable without cranking the air conditioning unit or going without. Here are more than 12 methods for cooling your body and buffering your house from the outside heat.

When youre hot and flushed,hydrating yourselfis the first and foremost step to cooling down, said Wendell Porter, a senior lecturer in agricultural and biological engineering at the University of Florida.

The temperature of the water doesnt matter since your body will heat it, he added. If your body is suffering from the heat and needs to cool itself, it cant perform the function without enough moisture.

Taking a cold shower orbathhelps cool your body by lowering your core temperature.

For an extra cool blast, use peppermint soap. The menthol in peppermint oilactivates brain receptorsthat convey whether something youre eating or feeling is cold.

Place a cold washrag on your wrists or drape it around your neck to cool your body. These pulse points are areas where blood vessels are close to the skin, so youll cool down more quickly.

Place box fans facing out of the windows of rooms youre spending time in to blow out hot air and replace it with cold air inside.

If the weather in your area tends to fall between 50 and 70 degrees Fahrenheit in the mornings and evenings, open the windows during those times to facilitate a cross-flow ventilation system. The outdoors can pull the hot air from your home, leaving a cooler temperature or bringing in the breeze. Just be sure to close windowsas the sun comes out, then open them when the weather is cool again.

Usually we might not leave windows open in consideration of crime, but while were home during this time, this method could be feasible, Porter said.

Resting near a fan would reduce just your body temperature.

If you have windows that face the suns direction in the morning through afternoon, close the curtains or blinds over them to keep the sun from coming directly into the house and heating up [the] inside, Porter said.

You could also install blackout curtains to insulate the room and reduce temperature increases that would happen during the day.

If you do turn the air conditioning on, dont drop it to below 70 degrees Fahrenheit in an effort to cool the house faster, said Samantha Hall, managing director of Spaces Alive, a design research company helping to create healthy, sustainable buildings.

It just runs for longer to reach that temp and will keep going until you start to feel a bit chilly and is then hard to balance, she added. Instead, keep the unit temperature as high as possible while still comfortable.

Cotton is one of the most breathable materials, so cotton sheets or blankets could help keep you cool through the night.

Thelower the thread countof the cotton, the more breathable it is, Porter said. Thats because higher thread counts have more weaving per square inch.

Common advice for staying cool without air conditioning includes refrigerating or freezing wet socks, blankets or clothing then ringing them out for sleep. But this isnt a good idea, Porter said.

The amount of energy they can absorb from your body that night, they will be warm in just a matter of minutes, he said. And then youd have damp stuff that would mold your mattress. So you definitely dont want to do that.

If no ones using a room, close it off to keep the cool air in only occupied areas of the house.

Flip the switch for the exhaust fan in your kitchen to pull hot air that rises after you cook or in your bathroom to draw out steam after you shower.

Incandescent light bulbs generate a higher temperature than LED light bulbs do. To make the switch, watch for sales on energy-efficient bulbs then slowly replace the bulbs in your house, Porter said.

Switching light bulbs can save money but wont reduce a lot of heat in the home, Hall said. But if you focus on switching the bulbs in areas youre sitting near, that would make a more noticeable difference, Porter said.

Oven heat can spread throughout your house. Keep the heat centralized in one area, such as a slow cooker. Or, cook outdoorson a grill to keep the heat outside.

Eating an ice pop or ice cream to cool down may help for a moment. Butdont go overboard on the sugarif youre overheated or at risk of being overheated, Porter said.

Sugar would run your metabolism up and youd start feeling internally hot, he said. So the cool treat might be good, but the extra sugar might not.

View original post here:
How to stay cool as warmer weather arrives - FOX40

Cricket Australia Director and former Australia captain Mark Taylor urged the International Cricket Council (ICC) to take a decision on the mens T20 World Cup. The tournament is scheduled to be held from October 19 to November 15 in Australia, but is under a cloud of uncertainty due to the coronavirus pandemic. It would probably be good (if a decision is made this week), Taylor told the Nine Network. Because then everyone can start planning and we can stop sitting here and saying well ifs, buts or maybes.

The window of October to November is also a period that the Board of Control of Cricket in India (BCCI) is looking at as a potential period to hold the Indian Premier League (IPL). But they have made it clear that is only if the ICC decides to postpone the showpiece event.

Also read:His body can bend when he moves: Suresh Raina names Indias best fielder

The cash-rich T20 league was scheduled to start on March 29 but was postponed due to the outbreak of the pandemic in India.

My feeling is the World T20 wont go ahead in Australia in October as planned. Is it going to be viable to have a world tournament in October or November? The answer to that is probably no, said Taylor.

While many of the current and former Australian players have themselves said that they dont see the likelihood of the World T20 happening in October-November as per initial schedule due to the restrictions that have come in due to the coronavirus pandemic, former Australia skipper Allan Border has made it clear that the Indian Premier League shouldnt be given priority over the showpiece event.

Also read:Take stress out of Virat Kohlis life:Former India pacer bats for Rohit Sharma as captain inT20Is

(Im) not happy with that, the world game should take precedence over a local competition. So, the World T20, if that cant go ahead, I dont think the IPL can go ahead, Border said on ABCs Grandstand Cafe radio program.

I would question that decision (to replace it) -- its just a money grab, isnt it, that one? The World T20 should take precedence, for sure.

View post:
Mark Taylor feels it is probably not viable to have WT20 in October or November - Hindustan Times

Loading

The common thread behind the desire to end the childcare scheme as well as a push from the Coalition backbench to end the JobKeeper wage-subsidy program early is concern about the fiscal cost of such programs. Despite the fact that the government will and should run deficits topping $130 billion for the next two years, there has been a reflexing return to the debt and deficits mantra to which the government was wedded prior to COVID-19.

Yet the way to deal with the debt accrued to get the country through the COVID-19 crisis is to shrink it away as a share of Gross Domestic Product by growing the overall economy. With the government able to borrow long-term for less than 1 per cent, the carrying cost of even $260 billion of new debt is tiny between $2 billion and $3 billion a year out of a $500 billion a year budget.

The real question is how do we get that economic growth?

One possibility is through population growth from immigration. That has been a big part of Australias economic growth story in recent years, but seems unlikely to continue in the foreseeable future. International movement of people is likely to be subdued generally, and there is already pressure from some quarters for the Australian government to restrict immigration and prioritise local workers.

Loading

A second possibility is to increase the productivity of the existing workforce. This has proved hard in recent times, with labour productivity below 1 per cent per annum for the last 5 years and was even negative in 2019. In an economy with increased automation and few game-changing labour-productivity enhancements since the 1990s computer revolution this avenue will likely continue to be hard.

The most likely path to growth is from increased labour force participation. Australias participation rate is quite strong relative to other advanced economies, but there is room to get above our roughly 66 per cent rate. That requires getting parentsespecially womenback into the workforce.

To do so we need a taper, rather than a radical rollback, of childcare support. A gradual reduction in the increased subsidies brought in last month, not cutting them off entirely. That might mean a sliding scale that reduces the current 100 per cent-free model to 90 per cent next quarter, then 80 per cent, and so on.

Of course, free childcare is not the only, or even the best model or use of government funding going forward. Last year we proposed a plan where households could continue to use the pre-COVID childcare subsidy scheme without modification, or opt to forego those arrangements an instead receive a tax deduction for child-care expenditures up to an annual cap.

Having the option to stick with the CCS means that no household could be worse off, but a significant number would be better offmore than 205,000 households, representing 22.5 per cent of households with children. The average couple with children would be $618 per annum better off and households in the bottom 20 per cent -40 per cent of the income distribution would be an average of $626 a year better off.

And from an economy-wide perspective, the plan would boost labour force participation by providing increased access to affordable childcare while removing the high effective marginal tax rates for working extra hours that can sometimes mean that parents can, perversely, earn less on a net basis by working more, once actual tax rates and the loss of childcare subsidies from additional income are factored in.

There were important issues about getting parents who want to back into the workforce, as well as the gender-wage gap which stands at 14 per cent before COVID-19. Those issues are still with us, but we now also need to consider how to boost economic growth in a very challenging environment.

One way to do that is to continue with the current free childcare scheme, although taper it off gradually.

Another attractive way to achieve those goals is by increasing labour force participation through well-designed subsidies. That may not involve free childcare forever, but it certainly does involve repurposing the subsidies introduced in April along the lines of our plan, rather than doing away with them altogether at the end of June.

Rosalind Dixon is a Professor of Law and Director of the Gilbert + Tobin Centre of Public law. Richard Holden is a Professor of Economics at UNSW Sydney.

Read more:
Replace free childcare scheme with tax deductions to kickstart economy - Sydney Morning Herald

Allan Border. (Photo Source: Twitter)

Cricket has affected severely due to the ongoing Coronavirus pandemic. No international cricket has taken place since March with even the marquee Indian Premier League (IPL) also being postponed until further notice. Even as some of the boards are pondering resuming the sport behind closed doors, the doubts continue to linger over the happening of the T20 World Cup scheduled to be played in Australia later this year.

Reports suggest that the postponement is inevitable and the ICC is likely to confirm the same any time in the next week. Moreover, the ICC event not happening in October-November opens up a window for the IPL to take place. Speculations are being made that the BCCI might look to host the T20 extravaganza in India during this period depending upon the situation in the country.

However, former Australia cricketer Allan Border is against it. He stated that the IPL shouldnt replace the World event and also didnt seem to be happy with it. According to him, the ICC tournament should always take the precedence and also suggested the other boards to not send their players to feature in the cash-rich league if it goes ahead.

[Im] not happy with that, the world game should take precedence over local competition. So, the World T20, if that cant go ahead, I dont think the IPL can go ahead. I would question that decision [to replace it] its just a money grab, isnt it, that one? The World T20 should take precedence, for sure. The home boards should stop their players going to the IPL if thats the case, he said while speaking in ABCs Grandstand Cafe radio program.

Allan Border understands that India is responsible for the major income in world cricket but also cautioned that if IPL takes precedence over T20 World Cup, it would send a wrong signal to world cricket. That would be just shut the gate, you know, India running the game. Theyre pretty close to it now, but I suppose if youre responsible for 80 per cent of global [cricket] income, youre going to have a fair say in what goes on, I get that.

But I think the world game cant allow that to happen. I dont think you can have India superseding what the international game has in place. That would be going down the wrong path, the 64-year-old added.

Originally posted here:
Its just a money grab Allan Border against IPL 2020 replacing T20 World Cup later this year - CricTracker

talkSPORT rounds up all the latest transfer news and football gossip at Liverpool.

Getty

Former Manchester United striker Dimitar Berbatov has urged Kai Havertz to snub a move to the Premier League and continue his progress at Bayer Leverkusen

The 20-year-old midfielder has been linked with 90million moves to Liverpool, Manchester United and Barcelona.

All eyes are on the Bundesliga at the moment and when you score goals and play good football it is no surprise that teams like Liverpool want you, Berbatov toldBetfair.

I would like to see Havertz in the Premier League at some point, but not right now. I think it is a bit too early for him, I want to see him play more games, score more goals and get more confidence and maturity.

I think he should stay at Leverkusen and develop even more and get that experience which will help him for when the time comes to go somewhere else.

Liverpool will sell THREE players this summer to fund a move for RB Leipzig forward Timo Werner.

The Reds have long wanted Werner but the financial fallout of coronavirus means they will be unable to splash the cash this summer.

However, The Athletic say they will look to raise the necessary funds for him by cashing in on Xherdan Shaqiri, Harry Wilson and Marko Grujic.

The three have fallen out of favour at Anfield but would help recoup a large chuck of what Werner would cost.

Sadio Mane is overtaking Kylian Mbappe as Real Madrids main target this summer.

According to Le10Sport, the La Liga club are frustrated with PSG over negotiations for Mbappe.

And now they are set to move onto to Mane as Zinedine Zidane looks for a replacement for Karim Benzema.

It looks increasingly likely that Liverpool will lose one of their attacking stars in the coming months.

Timo Werner has become the target of phone calls from Jurgen Klopp, who hopes to bring the Germany forward to Liverpool.

The RB Leipzig ace, who has 102 career goals to his name at the age of 24, is allegedly keen on joining the Anfield outfit rather than staying in Germany and joining Bayern Munich.

Klopp has been calling Werner over a move to Liverpool as he prepares for the potential departure of either Mohamed Salah or Sadio Mane.

Both attackers have been linked with Real Madrid and, according to Le10Sport, Klopp is considering Werner as his priority signing to replace whichever one leaves.

Liverpool look set to win the race for Leicester City centre-back Caglar Soyuncu, AS claim.

Man City and Barcelona are also said to be interested in the 23-year-old but the Reds are the favourites to sign the Turkey international.

Soyuncu has been outstanding for Leicester this season taking over the mantle from Harry Maguire following his move to Manchester United last summer.

Adama Traore is reportedly a summer transfer target for Premier League heavyweights Liverpool, Manchester United and Manchester City.

The Wolves star has been one of the top-flights most improved performers this season with four goals and seven assists.

He has become a regular fixture in their side after starting just five league games last term following an 18million move from Middlesbrough.

Le10sport claim the Premier Leagues big guns are interested in signing 70m-rated Traore.

Icon Sport - Getty

Liverpool boss Jurgen Klopp is pulling out all the stops to sign Kylian Mbappe having reportedly contacted the players dad.

Mbappe, 21, is one of the worlds most sought-after players and has been touted with Real Madrid in a move that could eclipse Neymars world-record transfer to PSG in 2017.

However, Liverpool have also been linked with the forward having won the Champions League, Super Cup and Club World Cup in 2019. They also have a 25-point lead at the top of the Premier League.

And thats put them in contention to sign the World Cup winner, who has 30 goals for Paris Saint-Germain this season.

French outlet Le10 Sport reports that Klopp is so desperate to land Mbappe, hes even called the Frenchmans dad.

Trent Alexander-Arnold would love to see special talent Jadon Sancho at Liverpool.

Borussia Dortmund and England forward Sancho is expected to move to England this summer with Manchester United seemingly leading the chase for him.

Alexander-Arnold said: If he came to us, hed make our team better.

So, Id be more than happy for him to come because I played with him at England and hes a special, special, special, special talent.

Timo Werner has reportedly ruled out a move to another Bundesliga club when the transfer window opens.

The Germany international, who has scored 21 goals in 25 league matches this term, is Liverpools top target this summer andis said to have a 51million release clause that expires on June 15.

According to Bild, he is not willing to move to another club in the German top flight and a move to Anfield is his preferred option.

Meanwhile, Liverpool chiefs fear they may miss out on Werner as they can not meet with the player because of the coronavirus pandemic.

Jurgen Klopp wants to bring him to Merseyside but his plans to meet the player in person to finalise the deal have been thrown up in the air due to the virus, German outlet Bild claim.

Klopp hoped to convince Werner to join personally but the current travel restrictions could scupper the transfer.

Sadio Mane could be tempted to join Real Madrid, according to his Senegal team-mate Keita Balde.

The Liverpool forward is being heavily linked with a move to Spain later this year.

I dont know what his decision is, Balde told AS. In a year or two, you may want to change.

I dont think he wants to be there forever. He is a smart boy and he knows what is good for him and what he has to do.

getty

Liverpools plans to build a dynasty under Jurgen Klopp have come under threat with Germany reportedly earmarking the Reds boss as the long-term successor to Joachim Low.

Klopp is one of the hottest properties in management after steering the Reds to Champions League glory last season and guiding them to within only six points of their first English league title in three decades.

The 52-year-old put pen to paper on a new deal last December to keep him Anfield-bound until 2024.

Despite insisting he will see out his deal, Germany have decided he is the right man to take over from Low in the near future, The Mirror claim.

It is believed Klopp has told bosses at Anfield that Liverpool will be the last club he manages and sees a transition to the national team as a natural step for him to take.

Timo Werner would reportedly have his preference of shirt number if he seals a move to Liverpool in the summer.

Roberto Firmino, Sadio Mane and Mohamed Salah currently occupy the No.9, No.10 and No.11 shirts respectively.

But the Express claim Werner would have his pick of any squad number.

Liverpool have zero interest in bringing Philippe Coutinho back to Anfield.

It has been claimed recently that the Reds could look into re-signing Coutinho amid news Barcelona are looking sell once the transfer window re-opens.

The Brazilian has been on loan at Bayern Munich this season and scored nine goals in 32 appearances.

But his future remains unclear and The Mirror say Liverpool are not interested.

The 27-year-old could potentially join a Premier League rival with clubs likely to be keen.

Liverpool defender Dejan Lovren is attracting interest from Arsenal, Tottenham and West Ham.

The 30-year-old Croat is out of favour at Anfield and looks set to leave the club soon.

Teamtalk claim the Premier League trio are looking to keep Lovren in England and will move for him when the transfer window opens.

Lovren has made just nine league appearances this season.

The rest is here:
Liverpool transfer news and gossip: Kai Havertz urged to snub Reds, Klopp phoning Werner, Real step up Mane - talkSPORT.com

The notorious APT group continues to play the video game industry with yet another backdoor

In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based in South Korea and Taiwan and develop MMO (Massively Multiplayer Online) games. Video games developed by these companies are available on popular gaming platforms and have thousands of simultaneous players.

In at least one case, the malware operators compromised a victims build system, which could have led to a supply-chain attack, allowing the attackers to trojanize game executables. In another case, the game servers were compromised, which could have allowed the attackers to, for example, manipulate in-game currencies for financial gain.

The Winnti Group, active since at least 2012, is responsible for high-profile supply-chain attacks against the software industry, leading to the distribution of trojanized software (such as CCleaner, ASUS LiveUpdate and multiple video games) that is then used to compromise more victims. Recently, ESET researchers also discovered a campaign of the Winnti Group targeting several Hong Kong universities with ShadowPad and Winnti malware.

About the Winnti Group naming:

We have chosen to keep the name Winnti Group since its the name first used to identify it, in 2013, by Kaspersky. Since Winnti is also a malware family, we always write Winnti Group when we refer to the malefactors behind the attacks. Since 2013, it has been demonstrated that Winnti is only one of the many malware families used by the Winnti Group.

Multiple indicators led us to attribute this campaign to the Winnti Group. Some of the C&C domains used by PipeMon were used by Winnti malware in previous campaigns mentioned in our white paper on the Winnti Group arsenal. Besides, Winnti malware was also found in 2019 at some of the companies that were later compromised with PipeMon.

In addition to Winnti malware, a custom AceHash (a credential harvester) binary found at other victims of the Winnti Group, and signed with a well-known stolen certificate used by the group (Wemade IO), was also used during this campaign.

The certificate used to sign the PipeMon installer, modules and additional tools is linked to a video game company that was compromised in a supply-chain attack in late 2018 by the Winnti Group and was likely stolen at that time.

Interestingly, PipeMon modules are installed in %SYSTEM32%spoolprtprocsx64; this path was also used in the past to drop the second stage of the trojanized CCleaner.

Additionally, compromising a software developers build environment to subsequently compromise legitimate application is a known modus operandi of the Winnti Group.

Companies targeted in this campaign are video game developers, producing MMO games and based in South Korea and Taiwan. In at least one case, the attackers were able to compromise the companys build orchestration server, allowing them to take control of the automated build systems. This could have allowed the attackers to include arbitrary code of their choice in the video game executables.

ESET contacted the affected companies and provided the necessary information to remediate the compromise.

Two different variants of PipeMon were found at the targeted companies. Only for the more recent variant were we able to identify the first stage which is responsible for installing and persisting PipeMon.

PipeMons first stage consists of a password-protected RARSFX executable embedded in the .rsrc section of its launcher. The launcher writes the RARSFX to setup0.exe in a directory named with a randomly generated, eight-character, ASCII string located in the directory returned by GetTempPath. Once written to disk, the RARSFX is executed with CreateProcess by providing the decryption password in an argument, as follows:

setup0.exe -p*|T/PMR{|T2^LWJ*

Note that the password is different with each sample.

The content of the RARSFX is then extracted into %TMP%RarSFX0 and consists of the following files:

Note that in the event of a folder name collision, the number at the end of the RarSFX0 string is incremented until a collision is avoided. Further, not all these files are necessarily present in the archive, depending on the installer.

Once extracted, setup.exe is executed without arguments. Its sole purpose is to load setup.dll using LoadLibraryA. Once loaded, setup.dll checks whether an argument in the format x:n (where n is an integer) was provided; the mode of operation will be different depending on the presence of n. Supported arguments and their corresponding behavior are shown in Table 1. setup.exe is executed without arguments by the RARSFX, and checks whether its running with elevated privileges. If not, it will attempt to obtain such privileges using token impersonation if the version of Windows is below Windows 7 build 7601; otherwise it will attempt different UAC bypass techniques, allowing installation of the payload loader into one of:

depending on the variant. Note that we werent able to retrieve samples related to Interactive.dll.

Table 1. setup.exe supported arguments and their corresponding behavior.

This loader is stored encrypted within setup.dll, which will decrypt it before writing it to the aforementioned location.

The location where the malicious DLL is dropped was not chosen randomly. This is the path where Windows Print Processors are located and setup.dll registers the malicious DLL loader as an alternative Print Processor by setting one of the following registry values:

HKLMSYSTEMControlSet001ControlPrintEnvironmentsWindows x64Print ProcessorsPrintFiiterPipelineSvcDriver = DEment.dll

or

HKLMSYSTEMCurrentControlSetControlPrintEnvironmentsWindows x64Print Processorslltdsvc1Driver = EntAppsvc.dll

depending on the variant. Note the typo in PrintFiiterPipelineSvc (which has no impact on the Print Processor installation since any name can be used).

After having registered the Print Processor, PipeMon restarts the print spooler service (spoolsv.exe). As a result, the malicious print process is loaded when the spooler service starts. Note that the Print Spooler service starts at each PC startup, which ensures persistence across system resets.

This technique is really similar to the Print Monitor persistence technique (being used by DePriMon, for example) and, to our knowledge, has not been documented previously.

Additionally, the encrypted payload, CrLnc.dat, extracted from the RARSFX is written to the registry at the following location, depending on the installer:

This encrypted registry payload is then loaded, decrypted and executed by the previously registered Print Processor library. The whole PipeMon staging and persistence is shown in Figure 1.

Figure 1. PipeMon staging and persistence

We named this new implant PipeMon because it uses multiple named pipes for inter-module communication and according to its PDB path, the name of the Visual Studio project used by its developer is Monitor.

As mentioned previously, two different PipeMon variants were found. Considering the first variant, we couldnt retrieve the installer; thus, we dont know for sure the persistence technique that was used. But considering that this first variant of PipeMon was also located in the Print Processor directory, its likely that the same persistence mechanism was used.

PipeMon is a modular backdoor where each module is a single DLL exporting a function called IntelLoader and is loaded using a reflective loading technique. Each module exhibits different functionalities that are shown in Table 2.

The loader, responsible for loading the main modules (ManagerMain and GuardClient) is Win32CmdDll.dll and is located in the Print Processors directory. The modules are stored encrypted on disk at the same location with inoffensive-looking names such as:

Note that .hwp is the extension used by Hangul Word Processor from Hangul Office, which is very popular in South Korea.

The modules are RC4 encrypted and the decryption key Com!123Qasdz is hardcoded into each module. Win32CmDll.dll decrypts and injects the ManagerMain and GuardClient modules. The ManagerMain module is responsible for decrypting and injecting the Communication module, while the GuardClient module will ensure that the Communication module is running and reload it if necessary. An overview of how PipeMon operates is shown in Figure 2.

Win32CmDll.dll first tries to inject the ManagerMain and GuardClient modules into a process with one of the following names: lsass.exe, wininit.exe or lsm.exe. If that fails, it tries to inject into one of the registered windows services processes, excluding processes named spoolsv.exe, ekrn.exe (ESET), avp.exe (Kaspersky) or dllhost.exe. As a last option, if everything else failed, it tries to use the processes taskhost.exe, taskhostw.exe or explorer.exe.

The process candidates for Communication module injection must be in the TCP connection table with either 0.0.0.0 as the local address, or an ESTABLISHED connection and owning a LOCAL SERVICE token. These conditions are likely used to hide the Communication module into a process that is already communicating over the network so that the traffic from the Communication module would seem inconspicuous and possibly also whitelisted in the firewall. If no process meets the previous requirements, the ManagerMain module tries to inject the Communication module into explorer.exe. Processes belonging to the Windows Store Apps and processes named egui.exe (ESET) and avpui.exe (Kaspersky) are ignored from the selection.

Table 2. PipeMon module descriptions and their respective PDB paths

Additional modules can be loaded on-demand using dedicated commands (see below), but unfortunately, we werent able to discover any of them. The names of these modules are an educated guess based on the named pipes used to communicate with them:

Inter-module communication is performed via named pipes, using two named pipes per communication channel between each individual module, one for sending and one for receiving. Table 3 lists the communication channels and their corresponding named pipes.

Table 3. PipeMon communication channel and their respective named pipes

The %CNC_DEFINED% string is received from the C&C server and %B64_TIMESTAMP% variables are base64-encoded timestamps such as the ones shown in Table 4.

Table 4. Example timestamps used with named pipes

Figure 2. PipeMon IPC scheme (original PipeMon variant)

The Communication module is responsible for managing communications between the C&C server and the other modules via named pipes, similar to the PortReuse backdoor documented in our white paper on the Winnti arsenal.

Its C&C address is hardcoded in the ManagerMain module and encrypted using RC4 with the hardcoded key Com!123Qasdz. It is sent to the Communication module through a named pipe.

A separate communication channel is created for each installed module. The communication protocol used is TLS over TCP. The communication is handled with the HP-Socket library. All the messages are RC4 encrypted using the hardcoded key. If the size of the message to be transferred is greater than or equal to 4KB, it is first compressed using zlibs Deflate implementation.

struct CCMSG{ BYTE is_compressed; CMD cmd;};struct CMD{ QWORD cmd_type; DWORD cmd_size; DWORD cmd_arg; BYTE data[cmd_size - 16];};

struct CCMSG

{

BYTE is_compressed;

CMD cmd;

};

struct CMD

{

QWORD cmd_type;

DWORD cmd_size;

DWORD cmd_arg;

BYTE data[cmd_size - 16];

};

struct beacon_msg{ BYTE isCompressed = 0; CMD cmd_hdr; WCHAR win_version[128]; WCHAR adapters_addrs[128]; WCHAR adapters_addrs[64]; WCHAR local_addr[64]; WCHAR malware_version[64]; WCHAR computer_name[64];}

struct beacon_msg

{

BYTE isCompressed = 0;

CMD cmd_hdr;

WCHAR win_version[128];

WCHAR adapters_addrs[128];

WCHAR adapters_addrs[64];

WCHAR local_addr[64];

WCHAR malware_version[64];

WCHAR computer_name[64];

}

Figure 3. C&C message and beacon formats

To initiate communication with the C&C server, a beacon message is first sent that contains the following information:

The information about the victims machine is collected by the ManagerMain module and sent to the Communication module via the named pipe. The backdoor version is hardcoded in the Communication module in cleartext.

The format of the beacon message is shown in Figure 3 and the supported commands are shown in Table 5.

Table 5. List of commands

* The argument supplied for this command type is ignored

As mentioned earlier, the attackers also use an updated version of PipeMon for which we were able to retrieve the first stage described above. While exhibiting an architecture highly similar to the original variant, its code was likely rewritten from scratch.

The RC4 code used to decrypt the modules and strings was replaced by a simple XOR with 0x75E8EEAF as the key and all the hardcoded strings were removed. The named pipes used for inter-module communication are now named using random values instead of explicit names and conform to the format\.pipe%rand%, where %rand% is a pseudorandomly generated string of 31 characters containing only mixed case alphabetic characters.

Here, only the main loader (i.e. the malicious DLL installed as a Print Processor) is stored as a file on disk; the modules are stored in the registry by the installer (from the CrLnc.dat file) and are described in Table 6.

Table 6. Updated modules

Module injection is not performed using the reflective loading technique with an export function anymore; custom loader shellcode is used instead and is injected along with the module to be loaded.

The C&C message format was changed as well, and is shown in Figure 4.

struct CCMSG{ BYTE is_compressed; CMD cmd;};struct CMD{ QWORD cmd_type; DWORD cmd_size; DWORD cmd_arg; BYTE data[cmd_size - 16];};

struct CCMSG

{

BYTE is_compressed;

CMD cmd;

};

struct CMD

{

QWORD cmd_type;

DWORD cmd_size;

The rest is here:
No Game over for the Winnti Group - We Live Security

Are you looking for a house renovation? Or need to makethe outlook more impressive? Then you should replace the window at home with anew and modernized pair. A new window can keep your place warm, protected, andincrease the value of the property.

While investment in the window is a crucial decision andit took time to review to find the best option. Before getting into the newwindow you should know, how much does it cost to replace windows? And much more. here are some reasons that show why youneed window replacement:

The most important aspect that leads to change in thewindow is to increase the value of a home. Is it something that offers theupdate to change the old style with a new one. whenever it comes to give avalue addition modification to your place window is a perfect choice amongothers. Before fixing the new window it is necessary to check the size, colorscheme, and fitting.

No matter what kind of weather is outside, the windowhelps to keep the internal temperature control. In cold it helps to warm insideand in summer it helps to restrict the heat from entering the home. Moreover,it significantly reduces the cost of cooling and heating by saving more than30%. So, a fine quality window with the right insulation is an energy-efficientdecision.

With the window, it is easy to protect the householdthings from environmental contact. More it helps to reduce the moisture, heat,and restrict other factors that do not affect the internal temperature andatmosphere of the house. It also restricts the entrance of microbes, dust, insects,and mosquitoes to enter the house and enhance theprotection.

If we consider the security, the window is best atproviding security. Like it helps to enter sunlight in the house but restrictsthe unauthorized entrance. The window offers security and privacy together.Like in the market multiple window options are available that even block thenoisy voices. More you can install the one that enhances privacy and not allowthe outsiders to intervene in the private space.

Here is another possibility that leads to replacing theold window with the new one. if due to environmental influence or storm yourwindow is damaged and needs a fix. You can check the repair cost andreplacement cost and if window repair cost is almost the same as thereplacement one, then change is better. It offers a way to put some latestdesign with more sustainable fitting and protective measures that helps toavoid damage in the future.

Renovation is always an impressive decision that offersexciting opportunities to experience changes. You can modify your place withjust a small modification. For window replacement you have to search the bestoption in material and compare the cost as well, to find the appropriateoption.

Read the original:
Why Do You Need Window Replacement at Home? - IMC Grupo

"Only the rich can afford poor windows," says Joe Koken, general manager of Renewal by Andersen of Arizona. Koken was quoting Hans Andersen, founder of Andersen Windows in 1903. Renewal by Andersen is the full-service replacement window division of Andersen Windows, and this month it's celebrating its 25th anniversary with the biggest discount ever offered to new customers.

"You can replace your windows and doors once with a highly engineered product and likely never have to do it again, or you can replace them several times with a low-end product and end up paying more in the long run," Koken says.

The quality of the Renewal by Andersen window starts with its Fibrex composite material.

"There is a misconception that vinyl is a good choice for windows, but we won't even sell a vinyl window," Koken says. "Our exclusive window material, called Fibrex, is a composite that's two times stronger than vinyl."

Andersen researched and developed its Fibrex material for 30 years before it was installed in even one home. Fibrex is a wood-and-polymer composite that expands and contracts very little and is warranted not to warp, peel or corrode.*

"Fibrex has the strength, durability and beauty of wood windows combined with the low maintenance aspects of vinyl," Koken says.*

When choosing a replacement window or door company, there are five questions you should ask:

1. What does the warranty cover and how long does it last?

Many replacement window companies will warrant their windows and doors but not their installations. And a lot of them claim to have a "lifetime" warranty but in the fine print, "lifetime" can be defined as just seven years.

Renewal by Andersen has one rock-solid triple warranty that covers its windows, doors and installation. If you have any issues that come up, you won't be chasing down the manufacturer and the installer you just have to make one call.

2. What are the windows made of, and can they withstand the weather where you live?

Many vinyl replacement windows can warp, leak and cause drafts in just a few years. Renewal by Andersen's Fibrex material is vastly superior to vinyl. It's two times stronger than vinyl and infinitely more beautiful.

3. How will the company's windows or doors make your home more comfortable?

Many replacement windows will make your home more comfortable at first, but when their seals break and their energy efficiency is lost, you could be back to feeling too hot or cold in no time. Renewal by Andersen's High-Performance Low E-4 SmartSun glass helps to make homes more comfortable in every season.

4. How do you know if you're getting a good price?

If the price on a vinyl window is so low that it seems too good to be true, it probably is. In addition, if you have to replace those vinyl windows in 7-10 years, then they weren't worth it, no matter how inexpensive they were. Renewal by Andersen builds a window that will last. Nobody wants to replace their windows more than once.

5. How much will the windows or doors cost?

Many replacement window companies will give you a window estimate, but then the final bill ends up being more than the original quote. As part of its free in-home or virtual appointment, Renewal by Andersen provides an exact, down-to-the-penny price quote often within 48 hours of your call, and the quote is good for a whole year.

Renewal by Andersen is committed to keeping customers happy and safe. As Koken says, "The health and safety of our customers and our staff is our highest priority. We're adhering to the CDC's strict guidelines including wearing protective gloves and masks, maintaining a respectful distance inside your home, and frequently sanitizing our trucks and tools.

"And if you're not comfortable having us in your home at this time, we now offer virtual appointments, too," Koken adds. "From the comfort and safety of your home, you can have an online meeting with one of our project managers to discuss your window and door needs and get an exact price quote that we'll honor for a whole year.

"We also understand that this is a challenging time for some homeowners, and we want to do what we can to help them get their project done," Koken says. "So, we're having a special 'Thank You for 25 Years Sale.' Now until May 31, we're taking 25 percent off of all our windows and doors. And with our special financing, you won't pay anything for 25 months."

Call 480-565-4505 now to get Renewal by Andersen's biggest new customer discount ever!

* See Renewal by Andersen Products and Installation Transferable Limited Warranty for details.

Read more:
Why Now Is A Great Time To Replace Your Windows And Doors - Patch.com

Help support our COVID-19 coverage

We're providing access to COVID-19 articles for free. Please help support our work by subscribing or signing up for an account. Already a subscriber? Log in.

Jean Carton, left, and the Rev. Stephen Engelbrecht, pastor at St. Anthonys Church in Atkinson, are shown in front of one of the windows included in the restoration project of all stained glass windows at the church. The window depicting The Resurrection in the photograph was donated by the ladies in the Altar and Rosary Society when the church was built in 1917. Now, 103 years later, the ladies in the current Altar & Rosary Society donated the funds to restore and re-install that same window.

ATKINSON An upcoming annual spring raffle is expected to raise the remainder of the funds needed to pay for the restoration of the original stained glass windows at St. Anthonys Church in Atkinson.

The 11th annual raffle drawing will be held a 12:30 p.m. Sunday, June 7, at the Parish Hall, across from the church at 204 West Main St. The brunch that is included with the drawing each year will be held at a later date.

Nick Simon, chairman of the raffle and a deacon at the church, said more than $20,000 in prizes will be awarded, including a grand cash prize of $10,000.

Only 500 tickets will be sold and the odds of winning a cash prize are one in 39, Simon said.

The price of a raffle ticket is $100 which includes two tickets for the brunch when it is held at a later date. Tickets are available from church members, at businesses in Atkinson, and from the church office by calling 309-936-7900 and leaving a message.

Proceeds from the raffle will be applied to the Stained Glass Window Restoration and Protection project for the 103-year-old windows at the parish.

Simon said the proceeds from the spring raffle should complete paying for the project which is estimated to cost $200,000 and includes restoration of the 26 stained glass windows and the protection system, which was done to all windows in the building. He said there are 68 stained glass windows in the church.

Follow this link:
Raffle will help restore stained glass windows in Atkinson church - Quad City Times